Syntax Description

User identifier for the user account. The user-id argument is a case-sensitive, alphanumeric character string with a maximum length of 28 characters.

Note The Cisco NX-OS software does not allowed the "#" and "@" characters in the user-id argument text string.

expire date

(Optional) Specifies the expire date for the user account. The format for the date argument is YYYY-MM-DD.

password

(Optional) Specifies a password for the account. The default is no password.

0

Specifies that the password that follows should be in clear text. This is the default mode.

5

Specifies that the password that follows should be encrypted.

password

Password for the user (clear text). The password can be a maximum of 64 characters.

Note Clear text passwords cannot contain dollar signs ($) or spaces anywhere in the password. Also, they cannot include these special characters at the beginning of the password: quotation marks (" or `), vertical bars (|), or right angle brackets (>).

role role-name

(Optional) Specifies the role which the user is to be assigned to. Valid values are as follows:

•default-role—User role

•network-admin—System configured role

•network-operator—System configured role

•priv-0—Privilege role

•priv-1—Privilege role

•priv-2—Privilege role

•priv-3—Privilege role

•priv-4—Privilege role

•priv-5—Privilege role

•priv-6—Privilege role

•priv-7—Privilege role

•priv-8—Privilege role

•priv-9—Privilege role

•priv-10—Privilege role

•priv-11—Privilege role

•priv-12—Privilege role

•priv-13—Privilege role

•priv-14—Privilege role

•priv-15—Privilege role

•vdc-admin—System configured role

•vdc-operator—System configured role

priv-lvl level

(Optional) Specifies the privilege level to assign the user. Valid values are from 0 to 15.

sshkey

(Optional) Specifies an SSH key for the user account.

key

SSH key string.

filenamefilename

Specifies the name of a file that contains the SSH key string.

Command Default

No expiration date, password, or SSH key.

Command Modes

Global configuration mode

Command History

Release

Modification

6.0(2)N1(1)

This command was introduced.

Usage Guidelines

The switch accepts only strong passwords. The characteristics of a strong password include the following:

•At least eight characters long

•Does not contain many consecutive characters (such as "abcd")

•Does not contain many repeating characters (such as "aaabbb")

•Does not contain dictionary words

•Does not contain proper names

•Contains both uppercase and lowercase characters

•Contains numbers

Caution If you do not specify a password for the user account, the user might not be able to log in to the account.

You must enable the cumulative privilege roles for TACACS+ server using the feature privilege command to see the priv-lvl keyword.

Examples

This example shows how to create a user account with a password:

switch(config)# username user1 password Ci5co321

switch(config)#

This example shows how to configure the SSH key for a user account:

switch(config)# username user1 sshkey file bootflash:key_file

switch(config)#

This example shows how to configure the privilege level for a user account:

switch(config)# username user1 priv-lvl 15

switch(config)#

Related Commands

Command

Description

feature privilege

Enables the cumulative privilege of roles for command authorization on TACACS+ servers.

show privilege

Displays the current privilege level, username, and status of cumulative privilege support for a user.